Add OSV export golden test

This change prevents regression in the OSV output.
haskell · Dec 13, 2023 · 4ab6c40 · 4ab6c40
1 parent 0cf102f
commit 4ab6c40
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 2 deletions.
diff --git a/code/hsec-tools/hsec-tools.cabal b/code/hsec-tools/hsec-tools.cabal
@@ -103,6 +103,7 @@ test-suite spec
   main-is:          Spec.hs
   other-modules:    Spec.QueriesSpec
   build-depends:
+    , aeson-pretty   <2
     , base           <5
     , Cabal-syntax
     , cvss

diff --git a/code/hsec-tools/test/Spec.hs b/code/hsec-tools/test/Spec.hs
@@ -2,6 +2,7 @@
 
 module Main where
 
+import Data.Aeson.Encode.Pretty (encodePretty)
 import Data.List (isSuffixOf)
 import qualified Data.Text.IO as T
 import qualified Data.Text.Lazy as LText
@@ -13,6 +14,7 @@ import Test.Tasty
 import Test.Tasty.Golden (goldenVsString)
 import Text.Pretty.Simple (pShowNoColor)
 
+import qualified Security.Advisories.Convert.OSV as OSV
 import Security.Advisories.Parse
 import qualified Spec.QueriesSpec as QueriesSpec
 
@@ -34,7 +36,7 @@ goldenTestsSpec :: [FilePath] -> TestTree
 goldenTestsSpec goldenFiles = testGroup "Golden test" $ map doGoldenTest goldenFiles
 
 doGoldenTest :: FilePath -> TestTree
-doGoldenTest fp = goldenVsString fp (fp <> ".golden") (flip mappend "\n" . LText.encodeUtf8 <$> doCheck)
+doGoldenTest fp = goldenVsString fp (fp <> ".golden") (LText.encodeUtf8 <$> doCheck)
   where
     doCheck :: IO LText.Text
     doCheck = do
@@ -46,4 +48,12 @@ doGoldenTest fp = goldenVsString fp (fp <> ".golden") (flip mappend "\n" . LText
                     , oobModified = Just fakeDate
                     }
             res = parseAdvisory NoOverrides attr input
-        pure . pShowNoColor $ res
+            osvExport = case res of
+                Right adv ->
+                    let osv = OSV.convert adv
+                     in LText.unlines
+                            [ pShowNoColor osv
+                            , LText.decodeUtf8 (encodePretty osv)
+                            ]
+                Left _ -> ""
+        pure (LText.unlines [pShowNoColor res, osvExport])
diff --git a/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden b/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden
@@ -153,3 +153,106 @@ Right
           "
         }
     )
+Model
+    { modelSchemaVersion = "1.5.0"
+    , modelId = "HSEC-0000-0000"
+    , modelModified = 1970-01-01 00:00:00 UTC
+    , modelPublished = Just 1970-01-01 00:00:00 UTC
+    , modelWithdrawn = Nothing
+    , modelAliases = [ "CVE-2022-XXXX" ]
+    , modelRelated =
+        [ "CVE-2022-YYYY"
+        , "CVE-2022-ZZZZ"
+        ]
+    , modelSummary = Just "Advisory Template - Title Goes Here"
+    , modelDetails = Just "# Advisory Template - Title Goes Here
+
+      This is an example template.
+
+       * Markdown
+       * TOML "front matter".
+
+       > Acme Broken.
+      "
+    , modelSeverity = []
+    , modelAffected =
+        [ Affected
+            { affectedRanges =
+                [ RangeEcosystem
+                    [ EventIntroduced "1.0.8"
+                    , EventFixed "1.1"
+                    , EventIntroduced "1.1.2"
+                    ] Nothing
+                ]
+            , affectedPackage = Package
+                { packageName = "package-name"
+                , packageEcosystem = "Hackage"
+                , packagePurl = Nothing
+                }
+            , affectedSeverity =
+                [ Severity CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ]
+            , affectedEcosystemSpecific = Nothing
+            , affectedDatabaseSpecific = Nothing
+            }
+        ]
+    , modelReferences =
+        [ Reference
+            { referencesType = ReferenceTypeArticle
+            , referencesUrl = "https://example.com"
+            }
+        ]
+    , modelCredits = []
+    , modelDatabaseSpecific = Nothing
+    }
+{
+    "affected": [
+        {
+            "package": {
+                "ecosystem": "Hackage",
+                "name": "package-name"
+            },
+            "ranges": [
+                {
+                    "events": [
+                        {
+                            "introduced": "1.0.8"
+                        },
+                        {
+                            "fixed": "1.1"
+                        },
+                        {
+                            "introduced": "1.1.2"
+                        }
+                    ],
+                    "type": "ECOSYSTEM"
+                }
+            ],
+            "severity": [
+                {
+                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+                    "type": "CVSS_V3"
+                }
+            ]
+        }
+    ],
+    "aliases": [
+        "CVE-2022-XXXX"
+    ],
+    "details": "# Advisory Template - Title Goes Here\n\nThis is an example template.\n\n * Markdown\n * TOML \"front matter\".\n\n > Acme Broken.\n",
+    "id": "HSEC-0000-0000",
+    "modified": "1970-01-01T00:00:00Z",
+    "published": "1970-01-01T00:00:00Z",
+    "references": [
+        {
+            "type": "ARTICLE",
+            "url": "https://example.com"
+        }
+    ],
+    "related": [
+        "CVE-2022-YYYY",
+        "CVE-2022-ZZZZ"
+    ],
+    "schema_version": "1.5.0",
+    "summary": "Advisory Template - Title Goes Here"
+}
+
diff --git a/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden b/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden
@@ -7,3 +7,4 @@ Left
         ] "missing key: affected in top
       "
     )
+
diff --git a/code/hsec-tools/test/golden/MISSING_TITLE.md.golden b/code/hsec-tools/test/golden/MISSING_TITLE.md.golden
@@ -1,2 +1,3 @@
 Left
     ( MarkdownFormatError "Does not have summary heading" )
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -7,3 +7,4 @@ Left
		] "missing key: affected in top
		"
		)
Original file line number	Diff line number	Diff line change
		@@ -1,2 +1,3 @@
		Left
		( MarkdownFormatError "Does not have summary heading" )